4. The SIG Resource Record

The SIG or "signature" resource record (RR) is the fundamental way
that data is authenticated in the secure Domain Name System (DNS). As
such it is the heart of the security provided.

The SIG RR unforgably authenticates other RRs of a particular type,
class, and name and binds them to a time interval and the signer's
domain name. This is done using cryptographic techniques and the
signer's private key. The signer is frequently the owner of the zone
from which the RR originated.